Add a way to run a command without updating the cached credentials.

This can also be used to test whether the user's
credentials are currently cached.
Todd C. Miller
2022-08-02 14:28:28 -06:00
parent 2d94d329cf
commit 556dacf1ff
9 changed files with 115 additions and 49 deletions


@@ -49,6 +49,7 @@ int tgetpass_flags;
*/
static void help(void) __attribute__((__noreturn__));
static void usage_excl(void) __attribute__((__noreturn__));
static void usage_excl_ticket(void) __attribute__((__noreturn__));
/*
* Mapping of command line flags to name/value settings.
@@ -63,6 +64,7 @@ static struct sudo_settings sudo_settings[] = {
{ "run_shell" },
{ "login_shell" },
{ "ignore_ticket" },
{ "update_ticket" },
{ "prompt" },
{ "selinux_role" },
{ "selinux_type" },
@@ -111,8 +113,8 @@ struct environment {
* There is a more limited set of options for sudoedit (the sudo-specific
* long options are listed first).
*/
static const char sudo_short_opts[] = "+Aa:BbC:c:D:Eeg:Hh::iKklnPp:R:r:SsT:t:U:u:Vv";
static const char edit_short_opts[] = "+Aa:BC:c:D:g:h::knp:R:r:ST:t:u:V";
static const char sudo_short_opts[] = "+Aa:BbC:c:D:Eeg:Hh::iKklNnPp:R:r:SsT:t:U:u:Vv";
static const char edit_short_opts[] = "+Aa:BC:c:D:g:h::KkNnp:R:r:ST:t:u:V";
static struct option sudo_long_opts[] = {
/* sudo-specific long options */
{ "background", no_argument, NULL, 'b' },
@@ -137,6 +139,7 @@ static struct option sudo_long_opts[] = {
{ "help", no_argument, NULL, 'h' },
{ "host", required_argument, NULL, OPT_HOSTNAME },
{ "reset-timestamp", no_argument, NULL, 'k' },
{ "no-update", no_argument, NULL, 'N' },
{ "non-interactive", no_argument, NULL, 'n' },
{ "prompt", required_argument, NULL, 'p' },
{ "chroot", required_argument, NULL, 'R' },
@@ -403,15 +406,16 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv,
sudo_settings[ARG_LOGIN_SHELL].value = "true";
SET(flags, MODE_LOGIN_SHELL);
break;
case 'k':
sudo_settings[ARG_IGNORE_TICKET].value = "true";
break;
case 'K':
sudo_settings[ARG_IGNORE_TICKET].value = "true";
if (mode && mode != MODE_KILL)
usage_excl();
mode = MODE_KILL;
valid_flags = 0;
FALLTHROUGH;
case 'k':
if (sudo_settings[ARG_UPDATE_TICKET].value != NULL)
usage_excl_ticket();
sudo_settings[ARG_IGNORE_TICKET].value = "true";
break;
case 'l':
if (mode) {
@@ -423,6 +427,11 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv,
mode = MODE_LIST;
valid_flags = LIST_VALID_FLAGS;
break;
case 'N':
if (sudo_settings[ARG_IGNORE_TICKET].value != NULL)
usage_excl_ticket();
sudo_settings[ARG_UPDATE_TICKET].value = "false";
break;
case 'n':
SET(flags, MODE_NONINTERACTIVE);
sudo_settings[ARG_NONINTERACTIVE].value = "true";
@@ -758,6 +767,19 @@ usage_excl(void)
usage();
}
/*
* Tell which options are mutually exclusive and exit.
*/
static void
usage_excl_ticket(void)
{
debug_decl(usage_excl_ticket, SUDO_DEBUG_ARGS);
sudo_warnx("%s",
U_("Only one of the -K, -k or -N options may be specified"));
usage();
}
static void
help(void)
{
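Review bot: The reordered `case 'K'` in parse_args() now falls through into `case 'k'` to pick up both the -N exclusivity check and the `ignore_ticket` assignment, but nothing at the `FALLTHROUGH` says so; a later edit that gives -K its own `break` would drop both with no visible hint. I would add `/* -K implies -k: the -N check and ignore_ticket are handled below */` just above `FALLTHROUGH;`. At `case 'N'`, a comment such as `/* only forwards update_ticket=false; the policy must honor it */` would make clear that these lines do not themselves skip the timestamp update. Presumably that happens in one of the other changed files, which are not visible here. The switch in parse_args() starts and ends outside these hunks.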